On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company catch up on a week of privacy news, ranging from the legislative debate on Coppa 2.0, the EDPB Opinion limiting the impact of the One Stop Shop, the Lockbit take down by the FBI and European police authorities, the preparations for the Olympic Games in Paris and the Right to be Forgotten.
If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!
Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/
#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
On this week of Serious Privacy, Paul Breitbarth of Catawiki and Dr. K Royal of Crawford & Company catch up on a week of privacy news, ranging from the legislative debate on Coppa 2.0, the EDPB Opinion limiting the impact of the One Stop Shop, the Lockbit take down by the FBI and European police authorities, the preparations for the Olympic Games in Paris and the Right to be Forgotten.
If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Rate and Review us!
Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/
#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
Last week was not only the week. The EO digital services act went into effect. It also, so quite a bit of other news from around the world. So we talk about lock bit copper, 2.0, the European one stop shop, or maybe the end of it. The Olympic games and the right to be forgotten. And now that we're on the topic, don't forget if you are in London. When this episode comes out, reach out to Kay and Ralph who will hold court. Outside the IAPP data protection intensive might be a good opportunity to catch up or to give a quote for the podcast. My name is Paul Breitbart. My name is Pal Breitbart.
K Royal:And I'm Kay Royal and welcome to Sirius Privacy. So Paul, it has been incredibly busy for the past week. We didn't really do news last week. We've got some time to catch up on and I'm drowning in all the news. So let's do an unexpected question.
Paul Breitbarth:What have you got in store?
K Royal:ask this one because I don't even know where it's going to go, but I'm going to ask it. Do you consider yourself a lemon or a lime?
Paul Breitbarth:Oh that I have to be a lime because I prefer green over yellow.
K Royal:Well, actually that's where I was going to go and I used lime in the, in guacamole. I used lime juice rather than lemon
Paul Breitbarth:Oh in cooking I also prefer lime over lemon.
K Royal:But I will say that when I boil eggs I try to squeeze some lemon juice in it because supposedly that makes them easier to shell afterwards. I've never noticed that there's a difference in shell.
Paul Breitbarth:No, you just need to put them under cold water quickly.
K Royal:Okay, that's the unexpected question. As y'all
Paul Breitbarth:Yeah, we're not we're not gonna get a
K Royal:to me too.
Paul Breitbarth:We're not gonna get a serious one.
K Royal:A serious one. Okay, I could. This would be interesting. If you could take one prop from any movie set, what would it be?
Paul Breitbarth:the framed napkin from the West Wing, let Bartlett be Bartlett.
K Royal:Oh, that's awesome. I like that. I was thinking Something cool because of the cosplay, the shields or the swords or something like that. But I'm going to go to my favorite movie. And I don't know what prop I could get from them, but my favorite movie of all time is Cool Running. The Jamaican bobsled team. I went to Jamaica and I was very excited to buy a Cool Running's Jamaica shirt. They don't sell them! So, if I could get anything, I would get a prop from the Cool Runnings movie. Especially if there was something with the team and the Jamaica and everything on it. That's what I would get. That would make me happy. Otherwise, it's going to be a sword, because I love swords. So, alright, let's move on. News, news, news, news, news. You would have loved this one. I'm sorry, I'm, I'm, I can't find my question book so I'm pulling up websites with icebreaker questions. Here, here's one on here. Would you rather have slow internet or always forget your passwords? I always forget the passwords anyway, so it's not a question,
Paul Breitbarth:I'm happy to forget my passwords because I've got a password manager, but
K Royal:right? So, okay. Anyway, these are this would be
Paul Breitbarth:Okay, question, question
K Royal:to bookmark Question time is over. Let's do
Paul Breitbarth:Happy
K Royal:been happy DSA. What?
Paul Breitbarth:Happy DSA week. On Saturday, the Digital Services Act entered into effect, which is probably just as big as the 25th of May 2018.
K Royal:It really is and I need to remember that date But for some reason I have not heard it referred to as DSA week. I was like what are
Paul Breitbarth:I mean, that's, there is no, there is no DSA week, but I mean, just because it entered into effect on Saturday, like we said, happy GDPR week back in 2018. This is a big thing for European, Online platforms, especially for the very large online platforms. But also for the smaller ones. I mean, Cat's Eye Wiki is an online platform, so we are also dealing with it. Any marketplace needs to deal with it. Any hosting provider needs to deal with this. Any social medium needs to deal with it. And the
K Royal:And are there good resources? Are there good resources for them to go to?
Paul Breitbarth:no, and there is not yet, there is not a lot of guidance yet. The most of the supervisory authorities have not even been officially appointed yet despite a two year transition period. So also here we are a bit behind the facts, but we'll get there give it a couple of more months, except for the very large online platforms that fall directly under the supervision of the European Commission. And the European Commission has set up a DSA enforcement unit already some time ago, they're actively ramping it up. And on Monday. The 19th of February, the European Commission immediately announced an investigation into TikTok under the Digital Services Act, including for misleading misleading practices when it comes to children's data. And a lot of the DSA, the Digital Services Act, for those of you who may not remember is about fighting illegal and harmful online content and whether that is online speech or things that are stolen or otherwise illegal. Obviously also sharing nudes without person's consent. All those kinds of things are covered by the DSA. To protect people, to protect children, and TikTok is the very first one under investigation for the negative effects stemming from the design of the system. Including their algorithms, creating a rabbit hole but also people's physical and mental well being the concerns about privacy, safety, and security for minors no good repository for advertising, and that's also something that is now mandatory. Under the DSA for all online platforms and also no access to reach our researchers for publicly accessible data to do some analysis, which is applicable to the very large online platforms. So it is a pretty broad scope of an investigation. I guess if it was a data protection authority doing this, these would probably be four or five separate investigations instead of one. And my best guess is that it will take the better part of two years before we see any results of this because this is, well, it is, it is new ground and you can also assume that everything that the European Commission concludes or wants to conclude will also immediately be challenged in court. so just like we see DPA investigations taking a long time. I don't expect the DSA investigations to go any any faster. But hey, we may be surprised.
K Royal:We might be, or we might get some little leaks of things happening, or we might actually start seeing some behavioral changes in the companies that are under investigation. As the investigation proceeds and they get asked questions on specific behaviors, they may decide on themselves to start changing those behaviors because, Oh, I didn't know they would ask about that. Oh, okay. So we can't say that we didn't do it, but we can at least fix it going forward. You would hope that that would be the mindset, right? And as we know, they'll still get in trouble for what they did, but the quicker they can fix it moving forward, the better it is.
Paul Breitbarth:Well, you know, the, the, the main thing, main interest for me here is the algorithmic transparency and the addictive nature of the algorithms. I think that is a, a key part of this investigation, which obviously is not just applicable to TikTok. You have to same on Instagram. You have to same on. X formerly Twitter, where you are sucked into rabbit holes on YouTube. Also because of autoplay of the next or just swipe through to the next video or picture and before you know the better part of an hour is gone.
K Royal:Exactly. Exactly.
Paul Breitbarth:happen to me, obviously, but
K Royal:Never, never would not happen. It happens to me at night. Well, it does happen to me at night because sometimes I get stuck. Oh my gosh. Watching these little dance clips and stuff. Sometimes I have some that I love to, to watch. Cause I don't get to go dance. I mean, I've been looking to see if there's a place I can go learn ballroom dancing or something to learn ballroom dancing or something. But my husband will not. will not in any way, form or matter go with me. And personally, I think dancing with your loved one is the sexiest and best thing that a couple can do in public. And he does not share my enthusiasm. So I do get lost in watching dance videos and dreaming of a day.
Paul Breitbarth:shows me renovation videos right now and IKEA hacks and things like that.
K Royal:We actually have what do you call a, The stuff you put in the wall. Insulation. We have insulation up in the house now and the electricity is being hooked up to it. So they should
Paul Breitbarth:I think by now I know how to do that just by watching all those gazillion videos on putting up insulation and
K Royal:well, apparently it I'd love to put insulation up around the internal walls of my office because of, you know, everything I do. But however I understand that drywall takes about a month to dry here because of the humidity and the weather and everything. In Arizona it takes 24 hours, but apparently in South Carolina it takes about a month. So that, that will be the largest part of my wait. But yes, there's, there's more and more news up here. Some of these, let me just spit them out and see if Paul wants to talk about any of these. So, let's see, there's another one that I picked up from Europe is the Data Protection Board is clarifying which Data Protection Authority will lead cross border investigations. They also discuss the extent of guidance regarding the consent or pay model during the plenary.
Paul Breitbarth:let's let's go back to the lead authority because that's actually an interesting one, because they are, they are making it much more strict than probably the intention of the legislator was when the GDPR was written. Because based on this new guidance, you really need to make the decisions in your European office on how personal data is processed. Will the one stop shop apply? And I guess this is an attempt of certain data protection authorities to get more powers over big tech because they would be able to, they would be able to claim, Hey, the real decisions are not taken in Dublin. They are taken in the United States or in Beijing. So the one stop shop doesn't apply. So, Hey, I'm the French DPA. I'm the German DPA. I'm the Swedish DPA. And here I am going to enforce the GDPR on you because you cannot rely on the one stop shop
K Royal:Well, and it's an interesting, when I read it my thought on that was that this is one of the few times that I've seen the European courts or authorities play with words. I don't see that too often out of Europe. When you say what you mean and you mean what you say, and it is what it sees. But. They're playing
Paul Breitbarth:Really? You've never read an opinion of the edpb with all the in between the line stuff
K Royal:Well, I have, but it's never hit me of them playing with words before this time. It really does strike me that they are, but we'll see what happens with that too. So I think that's going to be a really interesting one to watch because cross border transfers huge people and it's starting to be huge out of other countries as well. You know that now it's starting to be huge out of the United States. So if you're contracting, It is, and it's not because we have any cross border transfers. A lot of it comes from the protections the federal government puts in place. So, the federal government, those restrictions the state governments like to copy, and that means that local governments like to copy them as well, and they typically don't want data to go outside the U. S. We discussed this years ago when it came to HIPAA about how a lot of companies subject to HIPAA and it's both covered entities and business associates don't want the data to go outside the U. S. Although, by the letter of the law, HIPAA would apply extraterritorially. but they've never really enforced it. So if a company here in the U S uses a company in Europe as a business associate, they're welcome to do that. And the company in Europe would have to comply with the business associate agreement and what they say. We've had that conversation about, I comply with the GDPR. I don't need to do anything extra for HIPAA. Yeah. Yeah, you do, which is why I wrote the little guidebook. Yeah, there are other things you need to do, but does that mean then that they are subjecting themselves directly to the authority of department of health and human services in the U S kind of iffy they are because they're a business associate, but they. aren't because when HHS reach outside the U. S. to enforce the provisions. So it's kind of interesting how that plays out. But regardless, the government entities and those subject to federal laws are starting to want the data to stay within the U. S. and not even be accessed outside the U. S. Even if there's no, physical storage of the data outside the U. S. They're, they're really particular about having the data accessed outside the U. S. because of the vulnerabilities that are introduced and, you know, the lack of control that they perceive in a lot of countries. A lot of U. S. companies do outsource customer service and a whole bunch, software development to other countries. Some of the countries you might not want your data to go to, which brings in the big news of taking down the, the big group, right? God, I gotta put, I had this right up
Paul Breitbarth:mean lock bit
K Royal:Yes! Yes! The big news,
Paul Breitbarth:for law enforcement
K Royal:yeah, the big news of taking down LockBit, and what that actually is impacting, and I actually just saw a new, a news item, I can't remember who it was, But I think it's the FBI might be the CIA put out a 10 million reward for information leading to the leaders of a certain group as well. Might still be a lot bit that part might just be skipping my brain a little bit, but I thought that was interesting of offering a 10 million reward for information leading to. The, the key people running the organization. Maybe that's not a new tactic to bring, but it sounded like a pretty new tactic to me.
Paul Breitbarth:No, but this is, this is, this is a big step because you see that the UK National Crime Agency, together with the FBI, with Europol, and multiple national police forces in the Netherlands, in France, Japan, Switzerland, Canada, Australia, Sweden, Finland, and Germany, Huge global effort indeed have taken down the LockBit website taken the website under their control. and for
K Royal:And the website now has a message up that this website is now under the control of Blankety Blank Blank.
Paul Breitbarth:Of the, of all those police forces. But for those of you who don't realize, LockBit is a cybercriminal group. Offering something called ransomware as a service We all know software as a service and mobility of a service, but now there is also ransomware as a service where you can just Pay somebody to attack other websites or other companies, with ransomware and for example here in the netherlands it happened to the national soccer association and they paid because their all their member data was also taken, including that of the multi million euro owning top football players, soccer players.
K Royal:Which is huge. That's a huge risk to those individuals.
Paul Breitbarth:it is. So it is a, a, a very big step that they have been able to take this down. Also. Let's not forget that another similar organization will probably pop up soon.
K Royal:Of course, and I mean, there's already stories out there about, you know, people, this may be a big win, but it may only be temporary because these groups do disperse and disband and then they come back together and they create another group. They're not going to stop their behavior,
Paul Breitbarth:No, not as long as it's profitable.
K Royal:but it
Paul Breitbarth:big game of, of Whack A Mole where you get rid of one and then the
K Royal:Yes. So, there was, there
Paul Breitbarth:0. Heh
K Royal:well, I, I do want to do that, but I want to go to this really interesting article on the six things we learned about the LockBit takedown. So, this was one that caught my attention this morning. It's by Carly Page and Zat Whitaker. It is on TechCrunch. And it says, the six things that we've learned. One, LockBit did not delete the victim's data. Even if The ransom was paid. Even the ransomware gangs failed to patch vulnerabilities that was part of their takedown ransomware takedowns take a long time. This was called Operation Kronos, and it started in April of 2022 at the request of the French authorities. Lock Bit has hacked more than 2000 organizations. It first entered the cyber crime scene in 2019 that they know of. And sanctions targeting lock bit members may affect other ransomware. So one of the lock bit mem, lock bit members who was indicted in sanctioned is a Russian national. Who's involved in other ransomware gangs such as. Reval or, or Evil, Ransom X, Avedon different things like this. So and then the British, apparently this is another thing that we've learned. The British have a sense of humor. The Lock Bic sting, this is quote, has shown us that the UK authorities have a sense of humor. Not only has the NCA made a mockery of Lock Bic by mimicking the gang's dark web leak site for its own Lock Bic. related revelations, we found Easter eggs hidden on the Now Sees Lot Bic site. Our favorite is the various file names for the site's images which include, oh dear, so, or, doesn't look good, or, this is really bad kind of thing. So it is. So yes, let's talk a little bit about COPPA 2. 0. So, we've talked for years about how there is something that they're calling COPPA 2. 0. Or they're trying to enhance the protections for children through the American Children's Online Privacy Protection Act. So it's kind of started gaining some real progress. We've seen over 2022, 2023. Now we're up to what they are hoping is actually going to be passed. So it's called the Children and Teens Online Privacy Protection Act. And what it's going to do is it's going to raise the limits of Kappa up to, I believe it's going to be age 16 or under, but It says that they are uniquely vulnerable. So it's not going to be the exact same protections. There are going to be a few differences in the protections that COPPA 2. 0 are going to offer because they do recognize that those that are 13 to 16 years old are a little bit more active online. But it is going to add in some protections that you absolutely do have to put in place. So this is something a lot of companies are kind of excited over. Because they want more protections to be in place for children. But you know, those companies don't seem to be the ones who make the money off the children who are using their website. So there's been a lot of companies that have gotten in trouble. You can think of YouTube, you can think of Epic Games. There's a lot of them where they haven't followed COPPA. provisions for their younger users. And COPPA does require known users in here. And so that's a piece that's going to be interesting because the courts have found that companies or FTC has found that companies do know That they have children using their websites because they actually set up children's YouTube or something like that. But, what they're saying they don't know is the age of the child. And under COPPA, the age verification is, is laughable. It's laughable. So they're going to strengthen those types of verifications. The parental verification is also laughable. One of them is by using credit cards. If you use a credit card and verify you're a parent, then, you know, every time the site charges, you'll get a notice that there's a charge. Therefore, you know, your child is using it. Seven year olds know how to go get daddy's credit card,
Paul Breitbarth:in any case in the U. S.
K Royal:And they say that they send the verification email, they wait. It's not immediately, they'll send a verification email like 3 days later or 4 days later when they think the child isn't watching the parent's email. You can put in a fake email address, people! You don't have to use the real email address. And not to mention that if the parents don't have their email locked down, the child's going to be getting into the parent's email anyway. And most people don't have their email locked down. Let's be honest here. They share devices. They have email on it. They give their phone to their three year old granddaughter to watch videos on and she can open email. It's yeah. And steal your phone and go hide it under her bed. My email is locked down, but not the phone apparently. but, or it's, it's a device, not really a phone, but not only that, but so much email goes into spam nowadays. How many people have thousands of emails they haven't read yet? So for a parent to go in and, and have to affirmatively say, no, this was not my permission, rather than, you know, silence is golden. The, it's, it's crazy. So this is what COPPA 2. 0 is working to help. Protect is to increase the protection on it to raise the age and then also do some work on what the language around what you actually have to do. How do you verify children? How do you verify parental consent? So it's going to look a little different, but going along with that is the court in Ohio who actually did put an injunction on the, the children requirements. Let me pull this one up. Halted Ohio's enforcement of a new law mandating social media platforms, you know, like Instagram, TikTok, to obtain parental consent for children under 16 to access their services. So the judge said no we're, we're, we're going to halt that while the court is going through or while the case is going through the court. We're, we're not going to put an injunction and stop it. We're going to we're going to halt the enforcement. We're going to put, God, I can't even talk today, Paul. The judge said we're going to halt the enforcement while the case is going through, so you won't have it. But, meanwhile and this is not the same thing as Utah. Utah put in the parental protection too, and we saw some interesting there and things there. But, There was the California case that said, yes California can enforce the CPPA's final regulations. And they should have been able to enforce them from the point that it was to go into effect July 1st of last year. So, we are seeing some interesting decisions come out across some of these enforcements, some of the new laws. At the same time, that we have more visibility for privacy and security being taken seriously in the United States. So that the public state statements by the White House, by the FTC, by the federal authorities, it's really nice to start seeing that this is taking. being taken seriously. And Paul and I have talked about this before that privacy looks different here in the U S but the more we start seeing things happen, the more the visibility is going to raise. And what we really need it to raise to is the federal authorities or The politicians, which yes, we have to re educate them every two to four years, and they turn over like crazy, and this is an election year. So, it's interesting to see those come up, and some of the other ones that I notice, that came up is news. In other countries, because we don't just pay attention to the U. S. We promise. We do pay attention to other countries as well. So South Korea released a guide to masking information in the public sector. So that was really good. Nigeria, I think, put out some guidance on theirs, didn't I say something? Yeah, Nigeria published guidance for their data controller and data processor registration requirements. Nice to see those Nigerian and American African laws starting to build up. I know that most people are going, I, I don't do business in Nigeria. There's a lot of companies that do do business in Nigeria. So
Paul Breitbarth:exactly. Plus it's good for, and it's good for everybody if the overall level of data protection around the world increases. And let's not forget Nigeria is one of the biggest economies in Africa. Yeah.
K Royal:So whether you do business there or not There are a lot of people that do do business there and so you may think that's not a big splash on the global stage But it really is This is confirmation that data protection is still the hottest growing area of law and people need to pay attention with it no matter where they are.
Paul Breitbarth:Yes, fully agree. So when you talk about the world, the one place where all of the world usually comes together is at the Olympic Games.
K Royal:yes, yes,
Paul Breitbarth:And the Olympic Games this summer will be held in Paris, France.
K Royal:Ooh,
Paul Breitbarth:And obviously, there is also a big security risk, especially in a city like Paris. France has been the victim of multiple terrorist attacks in recent years. So the security services are getting nervous and have additional powers. Police has additional powers. There will be more monitoring, more CCTV, QR codes to access certain spaces. So guess what is one of the priorities for, guess what is one of the priorities for the French Data Protection Authority, the CNIL, for this year's enforcement program? Data processing in light of the Olympic Games. Just to make sure that while keeping the nation secure, fundamental rights are not overlooked. And I think that's actually a pretty big step. So and also the, the commercial side, so the sales of tickets and what happens with the data. So all of that will be monitored by the French Data Protection Authority. But when I let, when I read their work program for 2024. What actually more surprised me is that another core topic for this year will be loyalty programs and what they call dematerialized cash register tickets. So basically that you do not get a receipt anymore but only an electronic copy somewhere in an app. which also can be a data protection concern, especially because it requires you to have an account to share personal data what happens with the data also in a marketing context, how long is it stored what analysis is taking place. So I thought that was an interesting step from from the French to also start looking at that one. I had
K Royal:it is.
Paul Breitbarth:really considered that topic but it does make sense.
K Royal:Yeah, it really does. Some of the other ones that come out, we have a lot of things about AI still coming out. I think Europe appointed an AI board. We've got a lot of information here in the United States about ai. There's a lot of ai. I will tell y'all that I am looking at AI policies. And how to draft AI policies and not just policies for, you know, how do you allow your employees to use chat GPT, but also policies on how do you start incorporating AI. into your business operations and what do you look at first and how does that impact your most protected data. So AI is still a really, really a big part of what we're looking at. So that's always going to be in the news. I plan to take the IAPP AI certification as soon as they actually launched the certification. So I've been reading some of their information there, but there was a story that I came across in The IAPP news that really that really stood out to me. And this was on the Argentina's. Agency of Access to Public Information conducted a review of over 100 websites to see if they were using dark dark patterns. Now, as I told my students this last week, I really don't like that phrase. Dark patterns Irritates me, but I don't know what phrase I would use instead. It's psychological manipulation of someone making a choice on a website or an app by presenting one option as more preferred over another option. So yes, it irritates me, especially on my phone when I open up an app and it's, you know, except our cookies or nothing. It's except the cookies or it's closed the banner. You close the banner, you're giving implicit consent. If you accept the cookies, you're giving explicit consent. There's no option to not accept them or get away from the banner. And so irritating might be something I would try to apply to the, the title of these things, but it is, it is deceptive practices to trick. And I still think it's deceptive. And I don't know if y'all have noticed, but now with a lot of banners, there's either accept or set cookie preferences. And you go into the set cookie preferences, and sometimes they're all already turned off, and sometimes they're all still on, and you have to go through each one, and you have to turn them off, but then at the bottom, save my choices, or exit, the set cookie. Exit is the green button that you're, that's on the right that most people are going to naturally choose rather than the save my preferences, which is in a very bland, discolored kind of button that you don't, if you're not paying attention to that, you can make all your choices and then just click cancel and go
Paul Breitbarth:Yep. I mean, that is, that is very much deceptive. It's illegal in Europe that way. That doesn't mean that everybody is compliant, but it is one of the priorities for multiple data protection authorities this year. I know the Dutch have received extra funding to go after cookie banners and in
K Royal:yeah.
Paul Breitbarth:guidance from all the European DPAs, those are examples of this is how not to do it.
K Royal:Yeah, so it look, it looks like it's right up front on the face of it because you either accept choices or you go to set your preferences. But when you go to set your preferences, then you're running into more things. And it's not as easy to not accept cookies as it is to accept cookies. So they're still not making it an easy choice. Most European companies do, let's be honest. It's either accept cookies or reject all optional cookies.
Paul Breitbarth:Meh, meh. I still see a lot of bad practices out here. That's we're not as good as you think. No,
K Royal:as good as you think. so,
Paul Breitbarth:a final story that actually moved very much under the radar.
K Royal:ooh, which one?
Paul Breitbarth:this has to do with the right to be forgotten.
K Royal:Oh, this isn't shrimps allowed into the
Paul Breitbarth:nope, nope, nope, nope, nope. This
K Royal:Tell me about it.
Paul Breitbarth:Well, you remember the Costeja case from 2016 or, no, even before that, 2014, on the right to be forgotten. Apparently already back in 2020, The Swedish DPA issued a 75 million kroner fine against Google, 7. 5 million euros, for a breach of GDPR when dealing with the right to be forgotten. Because Google would communicate back to the website owner that they would take down a link, including the reason why. And the Swedish DPA said, hey, this is a breach of privacy of the individual who filed a right to be forgotten complaint. So Google should not report back to full detail to the website owner. They should just inform them we've taken down this reference without any further detail. This was appealed by Google.
K Royal:Of
Paul Breitbarth:But the appeal in last instance was actually denied. The fine had been reduced to 50 million kronor in the meantime but the Swedish High Court actually upheld the decision on merits from the Swedish DPA which means that Google is no longer allowed to share, and that goes for all search engines they're no longer allowed to share That a link was removed because of a right to be forgotten request. And as of This week as of last week, February 15 Google has confirmed to the Guardian out of the UK, that indeed they have stopped that communication to website owners which again then angers some of the website owners because they say, well, sometimes a right to be forgotten request is granted but incorrectly, and now we, we cannot fight it, but in the end this is how it will play out. Google has implemented a Swedish decision across the European Union. And we'll need to stick with it.
K Royal:Interesting. That is one that flew under the radar. I think I saw it in passing but didn't think about it. Hardly any at all. Well that is,
Paul Breitbarth:it, it does make sense.
K Royal:it does. Absolutely. You know, there is, yeah. I don't think that we mentioned, or did we mention there are the two, yes we did, never mind, I'm going to shut up about that. So, that's a wonderful note. No, no, no, no, no. I can't even talk. That's a wonderful note to end on. The Google story under the radar. Hopefully y'all are paying attention. If y'all have any questions or comments or thoughts about any of the stories we've talked about or anything else that came out with the news. As I said in the beginning, there was a lot of news to cover for the past two or three weeks. Haven't seen any additional state laws come up in the U S so that's good. India's Ministry of Electronics. and IT is asking for feedback on its IOT security roadmap. So if you've got some free time, feel free to pull that up. Look at it. It's kind of interesting. For IOT is still a big thing. IOT is still a big thing. It's going to be a bigger thing. It's gonna continue to grow. I'm teaching this week to my students on RFIDs. And a lot of people think, oh, well that's old school. Still big things with RFIDs. I mean, one of the hated, most hated,
Paul Breitbarth:and every public transport card in the world is RFID. So.
K Royal:Right, and all the, the things on all the utensils and the equipment that you use in hospitals. They put RFIDs on patients bracelets in case they escape their rooms or the hospital itself, they leave without thing. There's, there's everything that's used with it. I think one of the ones I hate the most is smart dust. The little bitty teeny nanotechnology RFIDs that are put in that you can absorb so much information through just absolutely drives me crazy. And it's not a science, it's not a science fiction thing, it's a real thing. They use it in the ground, in the dirt to be able to pull up what minerals are there and when do you need to water for a lot of agricultural uses and everything. But I hate the fact that you can
Paul Breitbarth:like with all technology, yeah, I mean, like with all technology, there are very good use cases for it and very bad ones indeed. And on that note, we'll wrap up another episode of Serious Privacy. Join the conversation on LinkedIn. You'll find us under Serious Privacy. You'll find Kay on social media as Heart of Privacy and myself as EuropolB. Until next week,
K Royal:Don't cut the recording yet because I'll probably need to add in that when this comes out I will be in London. So I plan to camp out at the IAPP or near the IAPP Which is at 133 hounds breath or something like that And I will be camping out there to see people. So this will come out while I'm there So if you happen to hear it and you want to come by drop us a note Bye y'all